Cryptographic Token Interface Standard, PKCS#11
Data Fields
Type | Field | Meaning |
CK_ULONG | ulMinKeySize | the minimum size of the key for the mechanism |
CK_ULONG | ulMaxKeySize | the maximum size of the key for the mechanism |
CK_FLAGS | flags | bit flags specifying mechanism capabilities |
For some mechanisms, the ulMinKeySize and ulMaxKeySize fields have meaningless values.
The following table defines the flags parameter:
Table 7-4, Mechanism Information Flags
Bit Flag | Mask | Meaning |
CKF_HW | 0x00000001 | TRUE if the mechanism is performed by the device; FALSE if the mechanism is performed in software |
CKF_ENCRYPT | 0x00000100 | TRUE if the mechanism can be used with C_EncryptInit |
CKF_DECRYPT | 0x00000200 | TRUE if the mechanism can be used with C_DecryptInit |
CKF_DIGEST | 0x00000400 | TRUE if the mechanism can be used with C_DigestInit |
CKF_SIGN | 0x00000800 | TRUE if the mechanism can be used with C_SignInit |
CKF_SIGN_RECOVER | 0x00001000 | TRUE if the mechanism can be used with C_SignRecoverInit |
CKF_VERIFY | 0x00002000 | TRUE if the mechanism can be used with C_VerifyInit |
CKF_VERIFY_RECOVER | 0x00004000 | TRUE if the mechanism can be used with C_VerifyRecoverInit |
CKF_GENERATE | 0x00008000 | TRUE if the mechanism can be used with C_GenerateKey |
CKF_GENERATE_KEY_PAIR | 0x00010000 | TRUE if the mechanism can be used with C_GenerateKeyPair |
CKF_WRAP | 0x00020000 | TRUE if the mechanism can be used with C_WrapKey |
CKF_UNWRAP | 0x00040000 | TRUE if the mechanism can be used with C_UnwrapKey |
CKF_DERIVE | 0x00080000 | TRUE if the mechanism can be used with C_DeriveKey |
CKF_EXTENSION | 0x80000000 | TRUE if an extension to the flags; FALSE if no extensions. Must be FALSE for this version. |
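The following is an added example, not part of the standard's text: a policy check an application could run on a mechanism's information structure before using the mechanism. The types are local stand-ins for the Cryptoki definitions, and `check_mechanism`, `mech_verdict`, `CKF_TABLE_7_4` and the sample values are hypothetical names constructed for illustration.

```c
#include <stdio.h>

/* Local stand-ins so this compiles without a vendor pkcs11.h; the masks are
   the values from Table 7-4. */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_FLAGS;
typedef struct { CK_ULONG ulMinKeySize, ulMaxKeySize; CK_FLAGS flags; } CK_MECHANISM_INFO;
#define CKF_HW        0x00000001UL
#define CKF_SIGN      0x00000800UL
#define CKF_VERIFY    0x00002000UL
#define CKF_WRAP      0x00020000UL
#define CKF_EXTENSION 0x80000000UL
#define CKF_TABLE_7_4 0x800FFF01UL  /* OR of every mask in the table */

/* Hypothetical verdict codes for this example. */
typedef enum { MECH_OK, MECH_BAD_FLAGS, MECH_NO_OP, MECH_NOT_HW, MECH_KEY_RANGE } mech_verdict;

/* ops: CKF_* operation bits the caller needs, all of which must be set.
   key_size: size to check, in the unit the mechanism uses; pass 0 for
   mechanisms whose min/max fields are meaningless, to skip the range check. */
mech_verdict check_mechanism(const CK_MECHANISM_INFO *mi, CK_FLAGS ops,
                             int require_hw, CK_ULONG key_size)
{
    /* A bit outside the table, or CKF_EXTENSION (must be FALSE in this
       version), means the structure cannot be interpreted reliably. */
    if ((mi->flags & ~CKF_TABLE_7_4) || (mi->flags & CKF_EXTENSION))
        return MECH_BAD_FLAGS;
    if ((mi->flags & ops) != ops)
        return MECH_NO_OP;              /* a needed C_*Init call is unsupported */
    if (require_hw && !(mi->flags & CKF_HW))
        return MECH_NOT_HW;             /* performed in software, not by the device */
    if (key_size && (key_size < mi->ulMinKeySize || key_size > mi->ulMaxKeySize))
        return MECH_KEY_RANGE;
    return MECH_OK;
}

/* Constructed sample values, not read from a real token. */
static const CK_MECHANISM_INFO sample_hw_sign = {1024, 4096, CKF_HW | CKF_SIGN | CKF_VERIFY};
static const CK_MECHANISM_INFO sample_sw_wrap = {0, 0, CKF_WRAP};
static const CK_MECHANISM_INFO sample_odd     = {0, 0, CKF_SIGN | 0x00000002UL};

int main(void)
{
    printf("hw sign, 2048: %d\n", check_mechanism(&sample_hw_sign, CKF_SIGN | CKF_VERIFY, 1, 2048));
    printf("hw sign, 512:  %d\n", check_mechanism(&sample_hw_sign, CKF_SIGN, 1, 512));
    printf("sw wrap, hw:   %d\n", check_mechanism(&sample_sw_wrap, CKF_WRAP, 1, 0));
    printf("odd flag bit:  %d\n", check_mechanism(&sample_odd, CKF_SIGN, 0, 0));
    return 0;
}
```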
Function types
Cryptoki represents information about functions with the following data types:
For this version of Cryptoki, the following return values are defined:
#define CKR_OK 0x00000000
#define CKR_CANCEL 0x00000001
#define CKR_HOST_MEMORY 0x00000002
#define CKR_SLOT_ID_INVALID 0x00000003
#define CKR_GENERAL_ERROR 0x00000005
#define CKR_FUNCTION_FAILED 0x00000006
#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
#define CKR_DATA_INVALID 0x00000020
#define CKR_DATA_LEN_RANGE 0x00000021
#define CKR_DEVICE_ERROR 0x00000030
#define CKR_DEVICE_MEMORY 0x00000031
#define CKR_DEVICE_REMOVED 0x00000032
#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
#define CKR_FUNCTION_CANCELED 0x00000050
#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
#define CKR_FUNCTION_PARALLEL 0x00000052
#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
#define CKR_KEY_HANDLE_INVALID 0x00000060
#define CKR_KEY_SIZE_RANGE 0x00000062
#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
#define CKR_KEY_NOT_NEEDED 0x00000064
#define CKR_KEY_CHANGED 0x00000065
#define CKR_KEY_NEEDED 0x00000066
#define CKR_KEY_INDIGESTIBLE 0x00000067
#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
#define CKR_KEY_NOT_WRAPPABLE 0x00000069
#define CKR_KEY_UNEXTRACTABLE 0x0000006A
#define CKR_MECHANISM_INVALID 0x00000070
#define CKR_MECHANISM_PARAM_INVALID 0x00000071
#define CKR_OBJECT_HANDLE_INVALID 0x00000082
#define CKR_OPERATION_ACTIVE 0x00000090
#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
#define CKR_PIN_INCORRECT 0x000000A0
#define CKR_PIN_INVALID 0x000000A1
#define CKR_PIN_LEN_RANGE 0x000000A2
#define CKR_SESSION_CLOSED 0x000000B0
#define CKR_SESSION_COUNT 0x000000B1
#define CKR_SESSION_EXCLUSIVE_EXISTS 0x000000B2
#define CKR_SESSION_HANDLE_INVALID 0x000000B3
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
#define CKR_SESSION_READ_ONLY 0x000000B5
#define CKR_SESSION_EXISTS 0x000000B6
#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
#define CKR_SIGNATURE_INVALID 0x000000C0
#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
#define CKR_TOKEN_NOT_PRESENT 0x000000E0
#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
#define CKR_USER_NOT_LOGGED_IN 0x00000101
#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
#define CKR_USER_TYPE_INVALID 0x00000103
#define CKR_WRAPPED_KEY_INVALID 0x00000110
#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
#define CKR_RANDOM_NO_RNG 0x00000121
#define CKR_INSERTION_CALLBACK_NOT_SUPPORTED 0x00000141
#define CKR_BUFFER_TOO_SMALL 0x00000150
#define CKR_SAVED_STATE_INVALID 0x00000160
#define CKR_INFORMATION_SENSITIVE 0x00000170
#define CKR_STATE_UNSAVEABLE 0x00000180
#define CKR_VENDOR_DEFINED 0x80000000
Section defines the meaning of each CK_RV value. Return values CKR_VENDOR_DEFINED and above are permanently reserved for token vendors. For interoperability, vendors should register their return values through the PKCS process.
typedef CK_RV (CK_ENTRY * CK_NOTIFY)( CK_SESSION_HANDLE hSession, CK_NOTIFICATION event, CK_VOID_PTR pApplication );
The arguments to a notification callback function have the following meanings:
hSession | The handle of the session performing the callback |
event | The type of notification callback |
pApplication | An application-defined value. This is the same value as was passed to C_OpenSession to open the session performing the callback |
Cryptoki also defines an entire family of other function pointer types. For each function C_XXX in the Cryptoki API (there are 67 such functions in Cryptoki v2.0; see Section for detailed information about each of them), Cryptoki defines a type CK_C_XXX, which is a pointer to a function of C_XXX's type.